tking/fastapi-gsap
SHA256
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
fastapi-gsap/tests
History
Tyler J King 5015f3dd43 fix(drivers): JWKS verification for Keycloak, remove Entra fallback, gate on_behalf_of 
C-1: Keycloak driver now verifies JWT signatures via JWKS.
     Forged tokens are rejected. Previously any base64 JWT was accepted.
C-2: on_behalf_of requires gsap:impersonate role in JWT claims.
C-3: Entra driver denies on JWKS failure (no unverified fallback).
H-10: JWKS cache refreshes on kid miss for key rotation.

Shared JWKSVerifier used by both drivers. alg=none blocked.
iss, aud, exp validated for all tokens.

Signed-off-by: Tyler King <tking@guildhouse.dev>
2026-04-14 07:51:38 -04:00
..
__init__.py feat: fastapi-gsap — lightweight GSAP broker PoC 2026-03-30 14:10:21 -04:00
conftest.py feat: fastapi-gsap — lightweight GSAP broker PoC 2026-03-30 14:10:21 -04:00
test_broker.py feat: fastapi-gsap — lightweight GSAP broker PoC 2026-03-30 14:10:21 -04:00
test_compliance_gate.py feat(authorize): add Intune compliance-gated AC issuance 2026-04-14 05:24:03 -04:00
test_connectors.py feat: governed connector module 2026-03-30 16:42:38 -04:00
test_credentials.py feat: wire credential resolver and connectors into broker startup 2026-04-14 06:03:57 -04:00
test_entra_driver.py fix(drivers): JWKS verification for Keycloak, remove Entra fallback, gate on_behalf_of 2026-04-14 07:51:38 -04:00
test_functions.py feat: governed function runtime + billing drain 2026-03-30 22:12:29 -04:00
test_graph_client.py test: add Graph API client unit tests 2026-04-14 05:28:46 -04:00
test_intune.py feat(connectors): add Intune device management connector 2026-04-14 05:21:47 -04:00
test_keycloak_driver.py fix(drivers): JWKS verification for Keycloak, remove Entra fallback, gate on_behalf_of 2026-04-14 07:51:38 -04:00
test_mcp_intune.py feat(mcp): add Intune device management tools 2026-04-14 05:25:08 -04:00